DigitalOcean Kubernetes: new control plane is faster and free, enable HA for 99.95% uptime SLA

Question

Problem with Iptables.

  • Posted on November 18, 2013
  • pawlo.gomAsked by pawlo.gom

Hi. I have a problem with Iptables. I cant use the command: sudo iptables -L, because the error is: FATAL: Could not load /lib/modules/3.2.0-55-virtual/modules.dep: No such file or directory iptables v1.4.12: can't initialize iptables table filter’: Table does not exist (do you need to insmod?) Perhaps iptables or your kernel needs to be upgraded.

I have installed on my droplet (system ubuntu 12.04) Zpanel and fail2ban according to this guide: https://digitalocean.com/community/articles/how-to-protect-ssh-with-fail2ban-on-ubuntu-12-04 Please, help me. Thank for every piece of advice!

Show comments
Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.

Sign up now

Kamal NasserJanuary 15, 2014

@Leandro: You have to install the kernel that you’re using: <br><pre>sudo apt-get install linux-image-$(uname -r)</pre> <br> <br>Once that’s done, it should work. If it doesn’t, try rebooting your droplet.

phil2kJanuary 16, 2018

The problem still exists in the latest version of the kernel selected for a dropbox with Ubuntu 16.04: “Ubuntu 16.04 x64 vmlinuz 4.4.0-28-generic”, kernel modules becoming somehow “ephemeral” (disappearing after the reboot) + making the floating IP not working anymore:

# iptables -nvL
modprobe: FATAL: Module ip_tables not found in directory /lib/modules/4.4.0-28-generic
iptables v1.6.0: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
# uname -a
Linux do1 4.4.0-28-generic #47-Ubuntu SMP Fri Jun 24 10:09:13 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux

Also I tryed to reinstall the packages linux-image-4.4.0-28-generic & linux-headers-4.4.0-28-generic, but after a reboot (or a cold restart of the droplet), the kernel modules needed for iptables are missing again, having to reinstall them by hand again.

Also, this effect somehow negatively affects the Floating IP, making not forwarding any more packets to the real IP of the droplet, than after I tried to reassing the IP (even with unassing & assing) only syn-packets are seen by the droplet:

# tcpdump -ni ens3 tcp port 80
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens3, link-type EN10MB (Ethernet), capture size 262144 bytes
01:09:12.412367 IP 46.229.168.74.13662 > 10.19.0.5.80: Flags [S], seq 4276730076, win 29200, options [mss 1460,sackOK,TS val 2958302465 ecr 0,nop,wscale 7], length 0
01:09:12.476775 IP 54.36.149.72.22052 > 10.19.0.5.80: Flags [SEW], seq 3676365313, win 29200, options [mss 1460,sackOK,TS val 523651869 ecr 0,nop,wscale 7], length 0
01:09:12.976502 IP 46.229.168.65.18120 > 10.19.0.5.80: Flags [S], seq 2115694078, win 29200, options [mss 1460,nop,wscale 8], length 0
01:09:13.478790 IP 54.36.149.72.22052 > 10.19.0.5.80: Flags [S], seq 3676365313, win 29200, options [mss 1460,sackOK,TS val 523652120 ecr 0,nop,wscale 7], length 0
01:09:13.997644 IP 46.229.168.65.18120 > 10.19.0.5.80: Flags [S], seq 2115694078, win 29200, options [mss 1460,nop,wscale 8], length 0
01:09:14.656615 IP 46.229.168.79.41028 > 10.19.0.5.80: Flags [S], seq 2031893919, win 29200, options [mss 1460,sackOK,TS val 1861357496 ecr 0,nop,wscale 7], length 0
01:09:15.498728 IP 54.36.149.72.22052 > 10.19.0.5.80: Flags [S], seq 3676365313, win 29200, options [mss 1460,sackOK,TS val 523652625 ecr 0,nop,wscale 7], length 0

Than after a while, these packages are not seen anymore.

There’s no firewall configured (after reinstalling the kernel modules by hand, there are no rules):

# apt-get install --reinstall linux-image-generic linux-headers-generic linux-image-`uname -r` linux-headers-`uname -r`
...
# iptables-save 
# Generated by iptables-save v1.6.0 on Tue Jan 16 01:18:13 2018
*raw
:PREROUTING ACCEPT [409:29597]
:OUTPUT ACCEPT [279:41334]
COMMIT
# Completed on Tue Jan 16 01:18:13 2018
# Generated by iptables-save v1.6.0 on Tue Jan 16 01:18:13 2018
*mangle
:PREROUTING ACCEPT [409:29597]
:INPUT ACCEPT [409:29597]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [281:42238]
:POSTROUTING ACCEPT [281:42238]
COMMIT
# Completed on Tue Jan 16 01:18:13 2018
# Generated by iptables-save v1.6.0 on Tue Jan 16 01:18:13 2018
*nat
:PREROUTING ACCEPT [15:753]
:INPUT ACCEPT [15:753]
:OUTPUT ACCEPT [10:886]
:POSTROUTING ACCEPT [10:886]
COMMIT
# Completed on Tue Jan 16 01:18:13 2018
# Generated by iptables-save v1.6.0 on Tue Jan 16 01:18:13 2018
*filter
:INPUT ACCEPT [1460:132563]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1196:222500]
COMMIT
# Completed on Tue Jan 16 01:18:13 2018
Kamal NasserNovember 20, 2013

You must install the kernel package corresponding to the kernel you set your droplet to boot from (using our control panel).

Try DigitalOcean for free

Click below to sign up and get $100 of credit to try our products over 60 days!

Sign up